🔐 Access Control List (ACL)

 

🔐 Access Control List (ACL)

🧠 Top 5 Key Points

  1. Traffic Filtering:
    ACLs filter network traffic by allowing or denying packets based on criteria like IP address, protocol, or port.

  2. Security Control:
    They help protect networks by restricting unauthorized access to specific network segments or devices.

  3. Types of ACLs:

    • Standard ACLs (1–99): Filter traffic based only on source IP address.

    • Extended ACLs (100–199): Filter traffic based on source, destination, and port/protocol.

  4. Direction of Application:
    ACLs can be applied inbound (incoming packets) or outbound (leaving interface).

  5. Order Matters:
    ACLs are processed top-down; the first match decides the action — unmatched packets are denied by default.

⚙️ Technical Summary

FeatureDescription
OSI LayerLayer 3 (Network Layer)
PurposeTraffic filtering & security
PlacementRouter interfaces
Default BehaviorImplicit “deny all” at end
Common UseRestrict access between subnets or to servers

🧰 Packet Tracer Lab – ACL Example

🎯 Goal:

Block traffic from one LAN to another while allowing all other traffic.

🖥️ Network Topology

PC1 (LAN1) ---- Router ---- PC2 (LAN2)

IP Address Plan

DeviceInterfaceIP AddressNetwork
R1G0/0192.168.1.1192.168.1.0/24
G0/1192.168.2.1192.168.2.0/24
PC1NIC192.168.1.10192.168.1.0/24
PC2NIC192.168.2.10192.168.2.0/24

🪜 Step-by-Step Configuration

🔹 1. Basic Router Configuration

enable
conf t
interface g0/0
 ip address 192.168.1.1 255.255.255.0
 no shutdown
exit
interface g0/1
 ip address 192.168.2.1 255.255.255.0
 no shutdown
exit

🔹 2. Create a Standard ACL

Block all traffic from 192.168.1.0/24 (LAN1) to LAN2, but allow others.

access-list 10 deny 192.168.1.0 0.0.0.255
access-list 10 permit any

🔹 3. Apply ACL to an Interface

Apply it outbound on interface G0/1 (towards LAN2).

interface g0/1
 ip access-group 10 out
exit

🔹 4. Verify ACL Configuration

show access-lists

➡ Displays ACL entries and hit counts.

show running-config

➡ Verifies ACL applied to the correct interface.

💡 Testing

  • From PC1 (192.168.1.10) → try to ping 192.168.2.10 (PC2) → ❌ should fail (blocked by ACL).

  • From Router (or another network) → ping PC2 → ✅ should succeed.

🧠 Learning Summary

ConceptDescription
ACL PurposeFilter network traffic
Standard ACLBased on source IP only
Extended ACLBased on source, destination & port
DirectionInbound or outbound
Default RuleImplicit deny at the end

💬 Teaching Tip

“Think of an ACL as a security guard at a router port — it checks every packet’s ID (IP, protocol, port) before letting it pass.”

Comments

Post a Comment

Popular posts from this blog

🖥️ Private IP vs Public IP Address

  🖥️ Private IP vs Public IP Address 🧠 Definition: Private IP Address: Used inside a private network (LAN) — identifies devices like PCs, printers, and routers within a local area. Example: 192.168.1.10 Public IP Address: Used on the Internet — identifies your network or device globally so it can communicate with other networks. Example: 8.8.8.8 🔹 Key Differences Feature Private IP Address Public IP Address Scope Used within local/private networks Used on the Internet (global scope) Uniqueness Can be reused in different networks Must be unique worldwide Assigned by Network Administrator or Router (DHCP) Internet Service Provider (ISP) Accessibility Not reachable from the Internet Reachable over the Internet Security More secure, hidden from external access Less secure, visible on the Internet Example Ranges 10.0.0.0 – 10.255.255.255 172.16.0.0 – 172.31.255.255 192.168.0.0 – 192.168.255.255 1.0.0.0 – 223.255.255.255 (except private ranges) 💡 Quick Example...
Read more

🧠 Introduction to CCNA Networking

  Absolutely 👍 — here’s a ready-to-use introduction to CCNA Networking you can present to students, either as teaching content , classroom introduction , or course overview . It’s written in a student-friendly, engaging, and clear way 👇 🧠 Introduction to CCNA Networking 🌍 What is CCNA? CCNA (Cisco Certified Network Associate) is a globally recognized certification offered by Cisco Systems , one of the leading companies in networking technologies. It’s designed to build your foundational knowledge in computer networking , covering how data moves across networks, how devices communicate, and how to configure and troubleshoot network systems. In short: CCNA teaches you how the Internet works — from cables to routers to cloud. 🎯 Learning Objectives By the end of this course, students will be able to: Understand network fundamentals — how data travels between devices. Explain LANs (Local Area Networks) and WANs (Wide Area Networks) . Configure and troubles...
Read more